fcc2d30f12cd6a6712127e41958fc65ef9e490e7fb594ee9ae5883796ac0ffc1

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0c60a1c406d78d92bcc325fa0e01f30_JaffaCakes118.html
Size

41KB
MD5

b0c60a1c406d78d92bcc325fa0e01f30
SHA1

cb6d48228e5c86721e8193dd3aa3e2a0dcf272cb
SHA256

fcc2d30f12cd6a6712127e41958fc65ef9e490e7fb594ee9ae5883796ac0ffc1
SHA512

f8e13745cb6226ddfda0bcd7cdd9ccfa3ad2d7cadd4e6508e6555456bc4221ea6f14c8d78f08e3bff4423a4d480ab4615257d8e3c1df73f6f98b75e76324237f
SSDEEP

384:wOmkElfiDG0UFkHNX7kuWTqsidZQL5pYj8tmViuvqExt1pPTv7XWAcs6RffXycox:wxDKMcvWf5FIig9pHWx5c8S95y6hXwO

Score

6^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2952	2572	WerFault.exe	28

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424657606"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C32E9211-2B72-11EF-8A4F-62EADBC3072C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2056	iexplore.exe
2056	iexplore.exe
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2572	2056	iexplore.exe	28
PID 2056 wrote to memory of 2572	2056	iexplore.exe	28
PID 2056 wrote to memory of 2572	2056	iexplore.exe	28
PID 2056 wrote to memory of 2572	2056	iexplore.exe	28
PID 2572 wrote to memory of 2952	2572	IEXPLORE.EXE	30
PID 2572 wrote to memory of 2952	2572	IEXPLORE.EXE	30
PID 2572 wrote to memory of 2952	2572	IEXPLORE.EXE	30
PID 2572 wrote to memory of 2952	2572	IEXPLORE.EXE	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b0c60a1c406d78d92bcc325fa0e01f30_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 2548
    3⤵
    - Program crash
    PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8350337b39af1fffd18606d007a8728

SHA1
6b26b485baba026c7f996ea48a0b172d514067ce

SHA256
7669eda9c6698eff9754a39c7744118898e2686a2f81947cdd2ff5677bb36f0b

SHA512
e2d76dceada6cfdfd70bb964ea385287583811ca437b15108ea641a9ca077c9df22ef8c55bebf7fa15594abceab0151d288ced7de81608ada6175eac3d599558

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52a26f79e579f18b3d90dbb7b03894e5

SHA1
794477ccb41d5f68ea41ad2e6585f1626444715a

SHA256
38bc42816fc24e9daed5cb4f9c9847f2c4a53d814f64350705626e95539d6515

SHA512
5dac0e9fa36e13363a45684bbd3ddbc0bd44694ee426d689aec9994ab873fa2a9dd735ed6275c6daaf283e1fdbe492e5da81e24e613109f8de0c65f810ff0a04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
697d79e31bce199fb48897cee7488741

SHA1
1a5fe59da81ffe4f8125f2372f064435d900f7b5

SHA256
5eb918f1b95fd736ca9e17b3f5ba12cb91099b06b392ce1e9e0ff775fd3c31fb

SHA512
936911c5d51ea19768ea84290d6d7a80356e375ae88df03b19d08156de525a4f15a87a81cf994b55db07fbd27cc43777e7e8978a3f48c0f3bd0f096bf5ff180f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ca2a8276842f0ce9677a0821e3c308d

SHA1
a6e6ba9ee12f5c0ea2263b8e9da90cf3b635cb49

SHA256
fbc400814d6272a9b46b26deba30b7a8bceea5fae12fd6624ed53fe2ddf884a3

SHA512
4ce9e79e20c4e469b6f1caf795f9860ae99ff1371a0342b3cbe987ac5eeb826d15877379d5e84bc162631fead739cfef43fbc25c78d8449d3374e304c9ee3f73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc6dd1cc972cf460f03c7f87c5223bd6

SHA1
bb43fc1fdb8234b7b426d9958ce072e921a406d5

SHA256
f876ced7588a827036299b7968bf4ad7163020712b50ed23ac4a3e77ff2d8620

SHA512
039f24b90a586c993fd2412e9e65f84d3457b3f49ed89a55915370d136039bb21e8ff5a0f317b7e6c1c077b6c9a2e52d11859ddea03b6a0cc63483d596ed9141

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57583af34f2d067de190c94e9d34260c

SHA1
5a8a0775a071f81a63724d1140a60fae5f798471

SHA256
dbc332eca51889b0839bd56b2c617253ceaf5369deaf65fd74487f5e00f7394d

SHA512
d2d4ae38e6536f6220a54bb5a5151001c0f3a30490f5cc4dd0a3a419c60a665382eae7d8ed52d69961f67fdd69fc28cab40e37164fd7623ce13ae7a3de4bae0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b74d571828fccb0700f860291970148

SHA1
2acb2ff89f28d64720b7bb78e968f0ffdb59fdc0

SHA256
7588dd2cee6bc267c9d5194d24a4fc4a37b70522b2053da303efe672711f36ff

SHA512
91e5aee240401da03c759bb0a8a3c15b5bd3bf8cb7d89ae33d632cf64786723b57ed63967c17a713effca75c478e401660ca4f235b73762ad81973ca84694949

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09dabec27be24fa8eed98a7f064e61a0

SHA1
082f0ea35c60c07b57cae97ed66a71d1eb395ac9

SHA256
4e1f093699a8feb70a422105af2bbd6a5a486186488ed85b64e4670db08d1a7d

SHA512
7ab9e1a634718c2294be95f890f848b6b9fbbfd5d70a6774ea9854f83ea82ce4f67f6c3d4fa88904ce376c264dd267558dd2c5614dc4e2fa3458a99de07d0f7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e582228fe29de2af048b532dd20fe344

SHA1
dca125cc4a300ab7fed98271df2ca21932b7cb3b

SHA256
ab8d67f90a19c05cae691bb7f3f01c397b33791d360034c5c6a79c49af1fed62

SHA512
6c6bbdc1d6f712e67d4e6a1c4ca40ff7bc125d13855d3fc7198167fc2916c8ea697b63ae0253429607b10e39a50f00cff72054e3bffada430397f6ec6c5dcae0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87db21c83a058e5acc06776635fc52d5

SHA1
b1227f295e058364aced914e0c3704ae95cab35b

SHA256
8a7f984cc517cc8dc4aa6984d088ea43d38d5ca3428454802acd31918689d5f8

SHA512
274598564619d10f832040a26215fd85b123ff694ec11d84362b6af8b6d8d013f8675b68200a4603901083bcfb78c2730bd86296f7e904579cc2efbc8c1d75a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f53515368dd6f2b5daac633157f7c12

SHA1
822d7368569a310112eaea7f3ed635df1648cc94

SHA256
53ed60c75c701241c7cdf8caba3e2d22ab4732be72b2f7adb2fefa50d2f6c532

SHA512
bcba61c1dd0a1df819dc3f0663da27d0f708223e7ff6860616252b3885f94e8648eca961a822645978539a8553c82ffcbff6e868a7863b9383c47600e203b93d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d80c5cc1dbab485bdcce416f2340ee1f

SHA1
3463a95b2167eb76a60199bb370d82f172929db5

SHA256
27185df22f76908d1c4da337d4afa4af18702be4ca5ce5920edc05beaf669bfb

SHA512
49adb54a9240ccc5e98cdda0e2807ba83dd975d5a619c8d83075a57782e918a225c09e252667d07eab77e575daf07f9b5f238bb80d216a0aa27b8490a8d5ea55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7E46.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7EF5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit